Mirapoint Web Mail - 'Expression()' HTML Injection



EKU-ID: 34100 CVE: CVE-2006-5712;OSVDB-33820 OSVDB-ID:
Author: LegendaryZion Published: 2006-10-31 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/20840/info

Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser.

<IMG style="width: expression(alert('expression'));">